SAP Knowledge Base Article - Public

3011997 - Unable to Generate New Password From the Forgot Password Link

Symptom

When using the password reset self-service, you expect the system to send a token to the user's e-mail address, in order to set up a new password. However, no token is sent to the e-mail address provided.

Environment

  • SAP Business ByDesign
  • SAP Cloud for Customer

Reproducing the Issue

  1. Open the system's log-on screen.
  2. Click the link Forgot your Password? (ByD) or Forgot password? (C4C).
  3. A popup screen will come up, requesting to enter your e-mail address.
  4. Automatically a new popup will request you to enter the token that was sent to your e-mail address. 

Cause

There might be several causes related to this issue. Some of them are listed below, with their resolution.

Resolution

The e-mail address of the user is not maintained in the system

For Business ByDesign:

  1. Go to the Personnel Administration work center.
  2. Access the Regular Tasks views.
  3. Select option Change Workplace Contact Data.
  4. Search for the Employee to be edited.
  5. Maintain e-mail address under Communication Data. 

For Cloud for Customer:

  1. Go to the Administrator work center.
  2. Access the Employee view.
  3. Search and select the employee to be edited.
  4. Click Edit.
  5. The employee's TI will open in Edit mode, where you can change the e-mail address.

It is worth noting that the e-mail address for the business user needs to be unique. If the same address is maintained for multiple users, the system is not able to determine which user needs to be reset, and the token is not sent.

Check the E-Mail and Fax Settings fine-tuning activity

  1. Go to the Business Configuration work center.
  2. Access the Overview work center view.
  3. Search and open activity E-Mail and Fax Settings.
  4. In the next screen, click the E-Mail and Fax Settings link.
  5. Under the section E-Mail and Fax Delivery in a Non-Productive System, check if option "Send all e-mails to this address" is selected.

When this configuration is maintained, all outbound e-mails from the system will be sent to the e-mail address determined in the field underneath it, so that the administrator can check how the e-mails are displayed before using them in productive circumstances. Since all outbound e-mails are routed to the e-mail address maintained in this fine-tuning activity, this includes password reset tokens.

Please set this option to "Send all e-mails to business partners" so that the users receive their password reset tokens as expected.

Note: this functionality is only available in test systems.

The user has been manually locked by an administrator

If a user has been manually locked by an administrator, it will not be able to log in even if the password is correct. Additionally, the "Forgot Password" functionality won't work as well.

To check if this is the case, please do the following:

  1. Go to the Business Users work center view.
    • In Business ByDesign, under the Application and User Management work center.
    • In Cloud for Customer, under the Administrator work center.
  2. Search for the affected user.
  3. The user will have the checkbox under the User Locked column checked.

To unlock the user, select it in the list and click the Unlock User button in this same screen.

Check or configure S/MIME certificate

Please check the following:

  1. Go to the Common Tasks work center view. 
    • In Business ByDesign, under the Application and User Management work center.
    • In Cloud for Customer, under the Administrator work center.
  2. Access the option Configure S/MIME.
  3. Navigate to the Outgoing E-Mail tab. 
  4. Check if the certificate has expired in the system.
  5. Click Renew S/MIME Certificate. 
  6. Save your changes and test the scenario again. 

Check encryption for outgoing e-mails

  1. Go to Configure S/MIME (see above) and navigate to tab Activate S/MIME. 
  2. Check if Encrypt Outgoing E-Mails is selected. 
  3. If yes, the system is expecting user's S/MIME certificate to send an encrypted e-mail while trying to reset password. Therefore, uncheck/unselect this option and then test the Forgot Password feature again. 

In case all settings are fine and the issue remains, open an SAP support case (see KBA 1296527) and confirm that the settings as mentioned in this KBA have been checked and are correct. SAP needs then to perform further checks in the backend.

Keywords

Forgot Password, New Password, Token Not Received, No e-mail was sent as user has no e-mail address , KBA , no e-mail was sent as user has no e-mail , forgot password , SRD-CC-IAM , Identity & Access Management , How To

Product

SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions